Support S3 KMS Encryption
elliottpope opened this issue · comments
Is your feature request related to a problem? Please describe.
I have an S3 bucket SSE-KMS enabled (i.e. using this method of S3 object encryption). The FluentD S3 Output Plugin supports providing the SSE parameters to implement this but I cannot determine how to inject those parameters using the s3
ClusterOutput
Describe the solution you'd like
I would like the S3 Output Plugin API to support:
sse: bool
. To enable/disable encryption (defaults to AWS S3-SSE using AWS managed keys)sseKMSKeyID: string
. To provide the ARN of the KMS key to be used if using a custom keysseCustomerAlgorithm: string
,sseCustomerKey: string
,sseCustomerKeyMD5: string
. For S3-KMS with Customer Managed Keys
I would like to be able to configure the FluentD S3 Output plugin using this operator to upload objects to S3 encrypted using a KMS managed key that I provide
Additional context
I believe you would just need to add additional parameter mappings here and here to support the following parameters from here: use_server_side_encryption
, ssekms_key_id
, sse_customer_algorithm
, sse_customer_key
, sse_customer_key_md5
(those last few are for the Customer Provided Key case which is not my use case)